Are you sharing too much information in your Out of Office message? One of our core values at Ekaru is being "Friendly and Helpful". In that spirit, I used to include a lot of information in my Out of Office Auto-Reply... because I wanted to be friendly and helpful!
With Summer travel in full swing, it's the perfect time to reconsider what your out-of-office message is really saying. With a detailed out-of-office message, I was giving a way too much - where I was going, how long I'd be gone, who to contact while I was out, and when I'd return. Now I was never too specific about where I would be, but even stating "at a conference" could give a potential scammer enough information to socially engineer one of my staff - "Hey, I hope Ann is enjoying the conference! Since she's away, can you update our billing information. Say "hi" when she returns."
The Problem with the “Helpful” Auto-Reply
Most out-of-office messages include things like:
-
Full name and job title
-
Exact travel dates
-
Who’s covering for you and their contact info
-
Your return schedule
On the surface, that seems harmless. But to a cybercriminal, it’s a goldmine. Here's why:
You're broadcasting a lot of information, and scammers use this info to:
-
Time phishing emails when they know you're away and can't verify something
-
Impersonate you (or your backup contact) in a business email compromise scam
-
Map your internal org chart for future attacks. You may have information like this already visible on LinkedIn or your website, but why make it easy for scammers?
A Smarter, Safer Way to Write Your Auto-Reply
Instead of broadcasting your absence to the world, here's how you can keep your communication professional and secure:
✅ Keep it vague:
Don’t reveal specific dates or locations.
✅ Use internal vs. external replies:
Microsoft 365 and other systems let you show detailed messages only to coworkers.
✅ Avoid naming your backup:
Scammers can use their name in fake messages. Route urgent messages to a generic office email or phone number instead.
✅ Skip it entirely for outside senders:
If you have a shared inbox or coverage plan, you may not need an auto-reply at all.
To create your Out of Office Reply, in Microsoft Outlook go to "File" / and select "Automatic Replies".
You have several options around the specific time you want the messages to go out - so you can schedule ahead of time. Also, you can choose whether or not to send a reply to people outside your organization, and if you do, you can choose to only allow recipients that are already in your address book. This is tricky for businesses, because we frequently get important messages from new people, but the good news is that you're in control!
Why This Matters (Especially for Small Businesses)
You might think this is only a concern for big corporations, but the truth is: small businesses are prime targets for email-based attacks. Check out the Verizon Data Breach Investigations Report for a lot of detailed information on this.
One well-timed fake invoice or spoofed message can cost thousands, or worse, compromise client trust.
And guess what often triggers those attacks? An innocent out-of-office reply that told scammers the perfect time to strike.
We Help Local Businesses Avoid These Kinds of Mistakes
As part of our cybersecurity and IT support services, we help business owners lock down the simple stuff, because that’s often where the biggest vulnerabilities hide.
Auto-replies, email forwarding rules, permission settings - they seem small, but they’re critical.
Here’s a Safer Auto-Reply Template You Can Use
Subject: Out of Office
Thank you for your message. I’m currently unavailable and will respond as soon as possible. If your matter is urgent, please contact our main office at [insert generic phone or email].
Best regards,
[First Name]
This is short, polite, and safe.
It’s the Little Things That Can Cost You Big
Cybersecurity isn’t just about firewalls and antivirus. It’s about awareness, behavior, and thinking like the bad guys do.
Your out-of-office reply is just one example. There are dozens of small habits that can make or break your security - smart and affordable things that make a big difference.
Want to know what else you might be missing? Let’s schedule a quick security check-up - no jargon, no pressure. Just straight answers to keep your business safe.
Contact us to set up a no-obligation conversation about security.